Committee Democrats Introduce Three Bills to Improve Consumer Cybersecurity
WASHINGTON, DC – Today, Democratic members of the Energy and Commerce Committee introduced three bills to update U.S. cybersecurity policies and protect consumers. In recent years, millions of Americans have had their personal data stolen and high profile attacks—like the denial-of-service (DDoS) attack on Dyn last year—have raised serious questions about our cybersecurity laws and our ability to prevent similar attacks in the future.
The Cybersecurity Responsibility Act, introduced by Rep. Yvette Clarke (D-NY), would require the Federal Communications Commission (FCC) to adopt cybersecurity rules protecting communications networks from cyber-attacks.
“It has become clear that we need to have a comprehensive policy on cybersecurity that protects personal information, from the pin number for your debit card to your email password to your medical records,” said Rep. Clarke. “With the authority to regulate international and interstate communications in the interest of the public, the FCC should collaborate with experts in cybersecurity to develop best practices that will allow internet providers and other companies to protect themselves and their customers from the threat of hacking. We have to fight any attack on our personal privacy – as well as the institutions of our democracy – from cyberterrorists.”
The Interagency Cybersecurity Cooperation Act, introduced by Rep. Eliot Engel (D-NY), requires the FCC to create an interagency committee to review cybersecurity incidents, recommend investigations, and issue regular reports on the results of these investigations including relevant findings and policy recommendations.
“Following Russian tampering in last November’s election it is imperative that we redouble our efforts when it comes to cybersecurity,” said Rep. Engel. “The bill I have authored, the Interagency Cybersecurity Cooperation Act, will require all agencies in the federal government to report cybersecurity incidents to the FCC, which will then recommend investigations and offer periodic reports on their findings to Congress. This bill is critical to both national security and the preservation of our personal information. Cybersecurity reforms like these must be a priority in this Congress, so I encourage all of my colleagues to support this commonsense measure.”
The Securing IoT Act, introduced by Rep. Jerry McNerney (D-CA), requires that Internet of Things (IoT) devices be certified to be in compliance with cybersecurity standards. These standards are to be established by the FCC, in consultation with the National Institute of Standards and Technology, and are to address cybersecurity throughout the life cycle of the device.
“The proliferation of IoT devices creates immense opportunities for our society, including new jobs and efficiencies in all aspects of our everyday lives. However, the security of these devices has not kept up with the rapid pace of innovation and deployment,” said Rep. McNerney. “Security vulnerabilities in IoT devices are likely to pose threats to our national security and endanger our nation’s economy. This is especially concerning given that at least 20 billion devices are anticipated to be in use by 2020. My legislation, the Securing IoT Act, helps to address this issue by requiring that security standards be established for IoT devices and that these devices be certified to meet those standards. The legislation will help strengthen this market and protect consumers, business, and all the benefits that IoT devices offer.”
“Our networks and devices are the hub of our digital lives. They can make our lives better and our economy stronger, but only when they are secure,” said Ranking Member Frank Pallone, Jr. (D-NJ). “I commend my Democratic colleagues for proposing new approaches to protecting consumers from the growing barrage of cyber-attacks, especially from state-funded actors. These bills would ensure that Americans do not have to choose between innovation and security.”
Text of the three bills can be found below:
· The Cybersecurity Responsibility Act
· The Interagency Cybersecurity Cooperation Act
· The Securing IoT Act